Many online services, such as government benefits websites and online banking websites, require a user to prove their identity before they can set up or access account information. A variety of traditional methods for establishing a user's identity exist, such as mailing a confirmation code to the user and having the user input the confirmation code into the website. In some examples, a service may have a user create a secret question and answer set, such as those found in password reset systems. Other services may utilize methods that do not require the user to have previously established secret questions. For example, a service may skim information about the user from combinations of publicly and privately available information, such as credit reports, transaction histories, etc., to generate authentication questions.
However, these existing verification methods suffer from a variety of flaws. Mailed confirmation codes are slow and susceptible to all the vulnerabilities of paper mail, such as being incorrectly delivered, lost, or even intercepted. Answers to questions derived from publicly available information may be ascertained by a determined attacker with access to ever-stronger search engines. Even questions derived from privately held information may be at risk, as personal information such as credit history may be readily available through illicit channels or obtain via hacking. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods by which to generate knowledge-based authentication questions.